Johannes Schlüter has a post to his site detailing the handling of types in PHP and MySQL and how they might act differently than expected in some situations.

Since PHP 7.0 has been released there's more attention on scalar types. Keeping types for data from within your application is relatively simple. But when talking to external systems, like a database things aren't always as one eventually might initially expect.

He talks about MySQL types and how they relate to the "network protocol" being used, converting everything to strings. He includes a few examples of hinting on the results, one where an integer is expected/string provided and another where a string was type hinted but an integer was returned. He points out that sometimes this is a limitation of what PHP can handle, not always what MySQL returns. He also includes other examples of returning decimals - sometimes as a number value and others as a string.

This leaves the question whether you should disable the emulation in order to get the correct types. Doing this has some impact on performance characteristics: With native prepared statements there will be a client-server round-trip during the prepare and another round-trip for the execute.

With so much potential for distraction, it's no wonder that developers continue to fall victim to the very same security gaffes that have afflicted the community for well over a decade. Notably, failure to properly validate user input remains the single most serious security issue, with several of the Open Web Application Security Project's top ten security risks originating directly from this oversight.

He shows how much of an issue improperly escaped data can cause and how to validate a few different kinds of data like alphanumeric string and integers. He also mentions using prepared statements or the Zend_Filter component of the Zend Framework.

DevShed wraps up their look at databases in PHP (a excerpted from "Programming PHP, Second Edition") with this new tutorial showing how to insert and work with PDO prepared statements.

Concluding our discussion of databases and PHP, we'll finish building the [administration portion of the website] example that we started last week.

They start with the code for the administration page for adding a new record to the table - in this case, a business. They give the code to handle the submit and how to display a list of the current businesses. They wrap it up with a look at working with PHP Data Objects (PDO) and using them to create prepared statements.

DevShed wraps up their look at databases in PHP (a excerpted from "Programming PHP, Second Edition") with this new tutorial showing how to insert and work with PDO prepared statements.

Concluding our discussion of databases and PHP, we'll finish building the [administration portion of the website] example that we started last week.

They start with the code for the administration page for adding a new record to the table - in this case, a business. They give the code to handle the submit and how to display a list of the current businesses. They wrap it up with a look at working with PHP Data Objects (PDO) and using them to create prepared statements.

On CodePoets.co.uk, there's a new tutorial posted by David Goodwin showing how to use PHP with the PEAR MDB2 component to access your database backend.

While writing some PHP Training materials for Pale Purple, I thought I'd add an updated guide on PHP and database access. I've already done one on PEAR::DB, but PEAR::MDB2 is it's successor and has a slightly different API.... and as PEAR::DB is now deprecated, it's probably about time I rewrote it anyway.

Davidlooks at what the MDB2 package is, how to install it, connecting to your database and including some error handling as well. He (thankfully) also touches on one of the most handy features of the package - the prepared statements and the security they can offer.

On CodePoets.co.uk, there's a new tutorial posted by David Goodwin showing how to use PHP with the PEAR MDB2 component to access your database backend.

While writing some PHP Training materials for Pale Purple, I thought I'd add an updated guide on PHP and database access. I've already done one on PEAR::DB, but PEAR::MDB2 is it's successor and has a slightly different API.... and as PEAR::DB is now deprecated, it's probably about time I rewrote it anyway.

Davidlooks at what the MDB2 package is, how to install it, connecting to your database and including some error handling as well. He (thankfully) also touches on one of the most handy features of the package - the prepared statements and the security they can offer.